I. CLAIM AMENDMENTS 

Please amend the claims as indicated in the following listing: 

1. (original) A programmable apparatus for authenticating and authorizing a service request
sent from a service client to a service provider, comprising: 

a processor; 

a memory; 

an authorization database in the memory; 

a service request filter program in the memory directing the processor to

receive an incoming service request from the service client on a communication
channel, the service request having a digital certificate attached;

extract a service client identifier from the digital certificate associated with the service
request;

store the service client identifier in the memory; and

send the service request on the communication channel to a web service manager;

a service client authentication program in the memory directing the processor to

responsive to receiving an authentication request from a web service manager, match
the service client identifier with a service client record in the authorization database
having the same service client identifier; and

responsive to matching the service client identifier with a record in the authorization
database, call a service authorization program in the memory;

wherein the service authorization program directs the processor to

determine if the service client identifier associated with the service request is authorized
to access the service provider; and

responsive to determining that the service request is authorized, authorize the service
provider to process the request.

2. (original) The programmable apparatus of claim 1 wherein the service request filter program 
further directs the processor to authenticate the digital certificate with the issuing certification 
authority. 

3. (original) The programmable apparatus of claim 1 wherein the digital certificate is an X.509
digital certificate.

4. (original) The programmable apparatus of claim 1 wherein the service client identifier is a
Distinguished Name.

5. (original) The programmable apparatus of claim 1 wherein the digital certificate is
self-signed.

6. (original) The programmable apparatus of claim 1 further comprising an authorization log. 

7. (original) The programmable apparatus of claim 6 wherein the service client authentication 
program further records the service client identifier in the authorization log. 

8. (original) The programmable apparatus of claim 6 wherein the service authorization
program further records the service client identifier and service request in the authorization log. 

9. (original) A web service architecture having the programmable apparatus of claim 1.

10. (original) A computer-readable memory for causing a computer to authenticate and
authorize service requests sent from a service client to a service provider, comprising: 

a computer-readable storage medium; 

an authorization database stored in the storage medium; 

a service request filter program stored in the storage medium, wherein the storage medium, 
so configured by the service request filter program, causes the computer to 

receive an incoming service request on a communication channel, the service request
having a digital certificate attached;

extract a service client identifier from the digital certificate associated with the service
request;

store the service client identifier in the memory; and

send the service request on the communication channel to a web service manager;

a service client authentication program stored in the storage medium, wherein the storage
medium, so configured by the service client authentication program, causes the
computer to

responsive to receiving an authentication request from a web service manager, match
the service client identifier with a service client record in the authorization database
having the same service client identifier; and

responsive to matching the service client identifier with a record in the authorization
database, call a service authorization program in the memory;

wherein the service authorization program is stored in the storage medium, and the storage
medium, so configured by the service authorization program, causes the computer to

determine if the service client identifier associated with the service request is authorized
to access the service provider; and

responsive to determining that the service request is authorized, authorize the service
provider to process the request.

11. (original) The computer-readable memory of claim 10 wherein the service request filter
program further causes the computer to authenticate the digital certificate with the issuing
certification authority.

12. (original) The computer-readable memory of claim 10 wherein the digital certificate is an
X.509 digital certificate.

13. (original) The computer-readable memory of claim 10 wherein the service client identifier is
a Distinguished Name. 

14. (original) The computer-readable memory of claim 10 wherein the digital certificate is self- 
signed. 

15. (original) The computer-readable memory of claim 10 further comprising an authorization
log.

16. (original) The computer-readable memory of claim 15 wherein the service client
authentication program further causes the computer to record the service client identifier in the
authorization log.

17. (original) The computer-readable memory of claim 15 wherein the service authorization
program further causes the computer to record the service client identifier and service request in
the authorization log.

18. (original) A method of authenticating and authorizing a service request sent from a service
client to a service provider, comprising the steps of:

receiving an incoming service request on a communication channel, the service request
having a digital certificate attached;

extracting a service client identifier from the digital certificate associated with the service
request;

storing the service client identifier in the memory;

sending the service request to a web service manager;

responsive to receiving an authentication request from a web service manager, matching the
service client identifier with a service client record in the authorization database having
the same service client identifier;

determining if the service client identifier associated with the service request is authorized to
access the service provider; and

responsive to determining that the service request is authorized, authorizing the service
provider to process the request.

19. (original) The method of claim 18 further comprising the step of authenticating the digital
certificate with the issuing certification authority.

20. (original) The method of claim 18 wherein the digital certificate is an X.509 digital
certificate.

21. (original) The method of claim 18 wherein the service client identifier is a Distinguished
Name.

22. (original) The method of claim 18 wherein the digital certificate is self-signed.

23. (original) The method of claim 18 further comprising the step of recording the service client
identifier in an authorization log.

24. (original) The method of claim 18 further comprising the step of recording the service client
identifier and service request in the authorization log.